EU AI Act Guides

The EU AI Act is the world's first comprehensive legal framework for artificial intelligence. It establishes rules for AI development and deployment based on risk levels, from minimal to unacceptable risk, with corresponding requirements for each category.

The EU AI Act entered into force on August 1, 2024. Prohibited AI practices apply from February 2025. Most provisions, including high-risk AI requirements, apply from August 2026. GPAI model requirements apply from August 2025.

The EU AI Act defines four risk categories: Unacceptable (banned, e.g., social scoring), High-risk (strict requirements, e.g., hiring systems), Limited risk (transparency obligations, e.g., chatbots), and Minimal risk (no restrictions, e.g., AI-enabled games).

The Act applies to AI providers placing systems on the EU market, deployers using AI in the EU, and importers/distributors. It applies regardless of where the provider is located if the AI is used within the EU.

High-risk AI includes systems used in biometric identification, critical infrastructure, education, employment, essential services access, law enforcement, migration, and justice. These systems require conformity assessments and ongoing monitoring.

The EU AI Act complements GDPR. AI systems processing personal data must comply with both regulations. GDPR's data protection principles apply, plus the AI Act's specific requirements for transparency, human oversight, and risk management.

Penalties depend on the violation: Up to EUR 35 million or 7% of global annual turnover for prohibited AI practices, EUR 15 million or 3% for high-risk violations, and EUR 7.5 million or 1.5% for providing incorrect information.

Start by inventorying all AI systems in use, classifying them by risk level, documenting AI governance processes, ensuring transparency mechanisms exist, and establishing human oversight procedures for high-risk systems.